photofxplus Posted April 12, 2008 Share Posted April 12, 2008 As per request this topic is in regards to my contribution FX_Email_Verification. This contribution attempts to prevent bogus email address's upon creation of new accounts. Once an account is created the customer is emailed a password which will allow them to log in. The password fields on the Create Account page are dimmed and prepopulated with a randomly created password. These fields cannot be edited and/or selected by the customer. The store owner has the option to display these password fields or not to display them on the Create Account page. The contribution includes and Admin panel addition under customers. This selection titled 'Verify Customers' allows the store owner to view which accounts have been created and not logged into. After creating a new account, even using a bogus email address, the information is still written to the database. 'Verify Customers' will display all customers that have not logged into their account - within a set time period. This set time period can be edited - default value is 30 days which means that anyone that has created the account and has not logged in after 30 days after will be displayed with a status indicater of red in the 'Password Expired' column. One other useful date that can be edited is the 'account verification start date', all customers before this date will not display on the 'Verify Customers' page. Reason - that account has already been created, bogus email or not. Customer accounts can be deleted from the 'Customer Verify' page. Installation is simple, just copy the catalog folder over your existing. No database changes.. The contribution includes a read_me.txt which explains more specifics concerning editing variables such as where they are and values. Please post any suggestions, comments, and/or issues in this topic. Quote Lloyd Link to comment Share on other sites More sharing options...
photofxplus Posted April 14, 2008 Author Share Posted April 14, 2008 FX_Email_Verification v4.0 just posted. This version offers complete user editing of Settings from the Admin Panel. Previous versions required manual editing in the code pages for the following settings: 1. Account verification date - this setting allows the store owner to set the date that all customers whom have created an account before or after to be displayed or not on the customer verification page. 2. Password length - allows the store owner to set the length of the emailed password in characters. 3. Password expiry time in days - displays status of account if account has not been logged into from account creation date to now. 4. Display password text boxes on Create Account page - by request, store owner has the option of displaying password text boxes on the Create Account page. This version now writes to the databse table 'configuration' with the four constants named above. Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 (edited) Works great, but how can the email sent to the customer reflect now many days the admin has set there password for. The email reads The return link above is temporary and will expire in 24 minutes this is nolonger the case. Using the link prior to expiration will restore any items you may have had in your shopping cart. With the time now set to days this doesnt apply. It would be nice for the email to match the time set in the admin ie Your password expires in (what admin set it as) days. Edited April 15, 2008 by scorp Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 Works great, but how can the email sent to the customer reflect now many days the admin has set there password for. The email reads The return link above is temporary and will expire in 24 minutes this is nolonger the case. Using the link prior to expiration will restore any items you may have had in your shopping cart. With the time now set to days this doesnt apply. It would be nice for the email to match the time set in the admin ie Your password expires in (what admin set it as) days. The expiration of the link details how long the session id should last. If the customer had any products in the cart before creating the account then - when they return the cart should still be there. That was on previous versions which included the session id in the link. v4.0 just has a link back to the log-in page because I found out that including the session id was not neccessary to restore cart contents. But you are right - that part of the email should be changed - worded better - and your suggestion to include a password expiration date would be nice. I will add that in the next update. You could do it yourself: Page 'catalog/includes/languages/english/create_account_redirect.php' Line 36 define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 30; . ' days.' . "\n\n"); Thank you. Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 (edited) Page 'catalog/includes/languages/english/create_account_redirect.php' Line 36define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 30; . ' days.' . "\n\n"); Thank you. Thx will try it Edited April 15, 2008 by scorp Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 (edited) I have just posted an update to address the above issue. Thank you for your comments scorp.. FX_Email_Verification_4.0-Update_a http://addons.oscommerce.com/info/5678 Edited April 15, 2008 by photofxplus Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 I have just posted an update to address the above issue. Thank you for your comments scorp.. i cant get the line to work keeps failing on line 36. ive tryed define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 7; . ' days.' . "\n\n"); tryed without the ; after 7 could someone have a look at this im sure it just a / or something in the wrong place. Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 Yeah I tried it after posting and could not get it to work either.. sorry Try the update. Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 i cant get the line to work keeps failing on line 36. ive tryed define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 7; . ' days.' . "\n\n"); tryed without the ; after 7 could someone have a look at this im sure it just a / or something in the wrong place. Parse error: syntax error, unexpected ';' in /home/sites/my_site/public_html/catalog/includes/languages/english/create_account_redirect.php on line 36 Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 OK, I uploaded an update - but if you want to do it maually then change the file: At the top find this: // Sets the session expire time to be displayed in minutes for the email if (isset($SESS_LIFE)) { $sess_minutes = $SESS_LIFE/60; } else { $sess_minutes = '-contact store owner for details-'; } Put this under it: if (defined('ACCOUNT_PASSWORD_EXPIRY')) { $days = ACCOUNT_PASSWORD_EXPIRY; } else { $days = '30'; } Then change Line 36 to this: define('EMAIL_NOTE', SEPERATER . "\n" . 'The password above is temporary and will expire in ' . $days . ' days.' . "\n" . 'Using the return link above within ' . $sess_minutes . ' minutes will restore any items you may have had in your shopping cart.' . "\n\n"); Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 Parse error: syntax error, unexpected ';' in /home/sites/my_site/public_html/catalog/includes/languages/english/create_account_redirect.php on line 36 Forget my last msg you must of posted just before your post about the update works fine with the update. Quote Link to comment Share on other sites More sharing options...
Guest Posted April 15, 2008 Share Posted April 15, 2008 Hello, I instaled that contrib (version 3.0) and it works great. It would be very nice if the link in the email would point to account_password.php in order that customers could easily change their password, because I think is it difficult to some customers to change their password because they are not familiar with oscommerce stores, and they can forget it. That could be perfect is if that link could point to a site where you only need to enter the new password, instead entering before the old one. Thank you very much Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 You should download the latest version 4.0 plus the update 4.0-Update_a instead.. You can install directly over 3.0. I could do that - have the link go to change password instead - however the customer would still have to log on using the generated password first in order to access the page. If you want you can change the link in the email yourself. Page: catalog\create_account.php Around Line 279 $fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_LOGIN; Change to: $fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_ACCOUNT_PASSWORD; Quote Lloyd Link to comment Share on other sites More sharing options...
Guest Posted April 15, 2008 Share Posted April 15, 2008 (edited) Ok, I will try it. I knew that customers have to log on before, but I think is better if just after logging in, you see the change password page. I will install version 4.0, but because I have other contributions that modify create_account.php I am going to edit only the changes between v3 and v4, as I did when I installed version 3. Thank yoy very much, it is just the contribution I was looking for. Edited April 15, 2008 by henryfabu Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 Dont forget the update_a.. Install this as well. Its just one page for the language file. Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 (edited) If you want you can change the link in the email yourself. Page: catalog\create_account.php Around Line 279 $fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_LOGIN; Change to: $fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_ACCOUNT_PASSWORD; I think this is a better way, least the customer can change the password after they have signed in. Not many people would go to my account and change it. This way the customer has it forced apon them to change it if they wished. Edited April 15, 2008 by scorp Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 I think this is a better way, least the customer can change the password after they have signed in. Not many people would go to my account and change it.This way the customer has it forced apon them to change it if they wished. OK guys - Ill put it in the contrib and upload a complete pckg. Thanks for the input.. Better yet - I will add the option to the Settings box in the Admin Panel.. Quote Lloyd Link to comment Share on other sites More sharing options...
scorp Posted April 15, 2008 Share Posted April 15, 2008 Better yet - I will add the option to the Settings box in the Admin Panel.. You work like a god full respect goes to you :) i wish i had a webmaster like you. Quote Link to comment Share on other sites More sharing options...
Guest Posted April 15, 2008 Share Posted April 15, 2008 I was updating to version 4. Then I will wait until next version. Thank you! Quote Link to comment Share on other sites More sharing options...
photofxplus Posted April 15, 2008 Author Share Posted April 15, 2008 I have just posted the new version FX_Email_Verification 4.0a The newer version address's the requested option of the email link in the password email sent to the customer. Store owner now has the option of choosing to redirect customer to the password change page or the default page. This option is added to the Settings box in the Admin Panel. Numerous other editing has been performed - Register Globals enhancements - and a number of changes to the create_account page. Thanks to all the above for the suggestions. Quote Lloyd Link to comment Share on other sites More sharing options...
mylo75 Posted May 8, 2008 Share Posted May 8, 2008 Hello, I have installed the 4.0a contribution but I still have a question related to the following quotation in your install file (read_me.txt): "The contribution now adds 5 new rows to the database table 'configuration'. These constants can be seen by searching for the text 'FX_Verification_Email' in the column 'configuration_title'. The dafault values are used and no changes made to the database table 'configuration' until the 'Update' button is pressed in the Admin Panel Customers/Verify Customers - Settings Box." And I don't see any SQL file to update the 'configuration' table in your 4.0a package. Maybe I am wrong but it seems this file is missing? Thanks in advance. Quote Link to comment Share on other sites More sharing options...
photofxplus Posted June 1, 2008 Author Share Posted June 1, 2008 (edited) And I don't see any SQL file to update the 'configuration' table in your 4.0a package. Maybe I am wrong but it seems this file is missing? This seems to be a common question. Most contributions use an sql file to update the database. Versions up to 3.0 did not perform any changes to the database. The necessary variable were hard coded and changed by the user. These variables were set on pages, catalog/admin/customer_verify.php and catalog/create_account.php. I receievd a request to move these variables to the Admin panel - Customers/Customer Verification. This would enable the store owner to change these variables from the Admin panel rather than needing to change the files and re-load. So along came version 4.0, the newer version allows the store owner to administer changes to the contribution from the Admin panel rather than accessing the file code - and thus needs to place these varibles somewhere else for safekeeping. So I did instigate some database changes - and still did it without an sql file for previous version updates version 3 to 4 as well. This means that you never need an sql file for early versions, and still do not need one for the latest version. The database updates are performed when you click the 'Update' button in the Admin panel under customers/customer verification. Even if you have previously installed version 3.0 or prior - then updated to 4.0, the code will check first time for database updates from previous versions which did not require it. If the database updates have not been added then the new rows will be inserted. There after the new rows are only updated. You can see this on page: admin/customer_verify.php Line:131 if ($check['total'] > '0') { while (list($key, $value) = each($post_array)) { $update_array = array('configuration_value' => $value); tep_db_perform(TABLE_CONFIGURATION, $update_array, 'update', "configuration_key = '" . $key . "'"); } // Check if RETURN_URL exists in db - if not - needs to be inserted first time for previous version update $check_query = tep_db_query("select configuration_key from " . TABLE_CONFIGURATION . " where configuration_key = 'RETURN_URL' limit 1"); if (tep_db_num_rows($check_query) < 1) { tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, date_added) values ('FX_Verification_Email', 'RETURN_URL', '" . $post_array['RETURN_URL'] . "', now())"); } } else { while (list($key, $value) = each($post_array)) { tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, date_added) values ('FX_Verification_Email', '" . $key . "', '" . $value . "', now())"); } } As always I appreciate the feedback. Speaking of which, I received a PM from Patrick van Zuijlen concerning the following, understand you would like to hear when someone has a suggestion. I noticed that if a customer has an account, it is possible that he/she could change their e-mail address to a bogus one. I think the difficult here is in the situation they must be logged-in to be able to go to their account_edit.php, but your contribution checks to prevent a session so they must use their new password from the e-mail. Maybe it is possible to delete the session(s) or logg them out, a check for sure and then changing the password and sent the e-mail? If they are able to refresh the account_edit page after the new password is saved, it is possible to see the new password. A other option is that the customer cannot change the e-mail address, or maybe the administrator must approve the changed e-mail address. When thinking about this, maybe the password_forgotten.php page can be used. In addition they put in the old and also the new e-mail address. The password and e-mail address are changed and the 'standard' password-forgotten mail is sent to the customer. I do see that password_forgotten.php is not able to prevent a session/to be logged in I am working on this - but I have two other websites that I have to finish first, (I get paid for them) and they are some major projects. It will be a few weeks yet - but I intend to upload a new version of FX_Email_Verfication in the future. Any other suggestions or comments concerning a new version would be appreciated. Please post to this forum. Edited June 1, 2008 by photofxplus Quote Lloyd Link to comment Share on other sites More sharing options...
Ariffshah Posted February 21, 2009 Share Posted February 21, 2009 (edited) Dear Lloyd, Thank you for sharing this wonderful contribution. :thumbsup: :thumbsup: . At least now we will know who is our genuine customer. However, after successfully installing your version 4.0a, I tried to register new account and I did not received any email from my store for the password. Hope you can help me how to solve this problem as this contribution will help me to avoid getting credit card fraud customer in near future. p/s: Emailed sent to gmail account but not to yahoo account. Best regards. Ariff Edited February 21, 2009 by Ariffshah Quote Link to comment Share on other sites More sharing options...
Ariffshah Posted March 20, 2009 Share Posted March 20, 2009 Dear Lloyd, is there anyway we as a store owner can check password for our client? One of my customer sign up today and she said that she did not received any email verification for creating the account. It would be nice if we can resent the password verification or send them the verification link to our customer. Cheers. Quote Link to comment Share on other sites More sharing options...
Ariffshah Posted April 29, 2009 Share Posted April 29, 2009 Dear Lloyd, Thank you for sharing this wonderful contribution. :thumbsup: :thumbsup: . At least now we will know who is our genuine customer. However, after successfully installing your version 4.0a, I tried to register new account and I did not received any email from my store for the password. Hope you can help me how to solve this problem as this contribution will help me to avoid getting credit card fraud customer in near future. p/s: Emailed sent to gmail account but not to yahoo account. Best regards. Ariff Till to date, more than 30+ new customer register and did not complete the verification. I am worried as all this customer are using yahoo & hotmail email account. Is anyone could help me to solve this as the other solution is to inform the customer to not register using yahoo or hotmail email account. Thank you in advance. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.